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DETAILED ACTION 
Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S. C. 102 that form the 

basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

2. Claims 1-66 are rejected under 35 U.S.C. 102(e) as being anticipated by Goldberg et 
al(2004/0013112). 

3. As per claim 1 , Goldberg et al. discloses a method for network protocol filtering of a 
packet[0008], determining packet type(i.e. particular protocol) for the packet[0062]; obtaining 
packet information for the packet[0009]; determining whether the packet information is in a 
table; responsive to the packet information being in the table, obtaining an index fi-om the table; 
and storing the index in a data structure in association with the packet[0048, 0062-0063, 0066]. 

4. As per claim 2, Goldberg et al. discloses determining whether the packet is for a new 
connection and responsive to the packet not being for the new connection, the determining 
whether the packet information is in the table[0009-0010, 0048]. 

5. As per claim 3, Goldberg discloses wherein the packet type is a 
Transmission Control Protocol type[0055]. 

6. As per claim 4, Goldberg discloses wherein the packet type is a User 
Datagram Protocol t5^e[0055]. 

7. As per claims 5, 36, Goldberg discloses wherein the packet information is a five- 
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tuple including source and destination addresses, source and destination ports, 
and a packet type identifier [0055]. 

8. As per claims 6, 37, Goldberg discloses wherein the packet type is a Generic 
Routing Encapsulation type[0055, 0130]. 

9. As per claims 7, 38, Goldberg discloses wherein the packet information is a five- tuple 
including source and destination addresses, an apportioned Generic Routing Encapsulation 
identifier, and a packet type identifier [005 5, 0085]. 

10. As per claims 8, 39, Goldberg discloses wherein the packet type is an Internet Protocol 
Security type[0055-0056]. 

11. As per claims 9, 40, Goldberg discloses wherein the packet information is a five- tuple 
including source and destination addresses, an apportioned security parameter string; and a 
packet type identifier[0009, 0055]. 

12. As per claim 10, Goldberg discloses wherein the table is a connection table and the index 
is to a network address translation table[0048, col. 3 table 3] 

13. As per claim 1 1 , Goldberg discloses wherein the table is a network address translation 
table and the index is to a connection table[0055, col. 3 table 3]. 

12. As per claim 12, Goldberg discloses using the index to identify another index; and 
storing the other index in another data structure in association with the packet[col. 7 and 8, tables 
2-3]. 

13. As per claim 13, Goldberg discloses wherein the other index is to an address resolution 
tabIe[coI. 8 table 3]. 

14. As per claim 14, Goldberg discloses a method for inbound network address translation 
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packet filtering[see col. 8 table 3], comprising: obtaining a packet; determining whether type of 
the packet is one of a Transmission Control Protocol[0009, 0062] , a User Datagram Protocol, a 
Generic Routing Encapsulation, an Internet Control Message Protocol type[0055]; if the type is 
the Transmission Control Protocol type, determining if the packet is an initial packet for a 
connection; if the type is the Transmission-Control Protocol type and the packet is for an existing 
connection. Obtaining packet information from the packet; determining whether the packet 
information is in a first table; responsive to the packet information being in the first table, 
obtaining a first index from the first table, the first index for a second table; storing the first 
index in a data structure associated with the packet; obtaining a second index from the second 
table responsive to the first index[0066, col. 7-8, table 2-3]. 

15. As per claim 15, Goldberg discloses wherein the data structure is for a 
plurality of canonical frame headers [0061]. 

16. As per claim 1 6, Goldberg discloses wherein the first table is a network 
address translation table[col. 8, table 3]. 

17. As per claim 17, Goldberg discloses wherein the second table is a 
connection table[0048]. 

18. As per claim 1 8, Goldberg discloses wherein the third table is an address 
resolution table[col. 7-8, table 2-3]. 

19. As per claims 19, 41, Goldberg discloses checking validity of layers of the Packet; 
checking Internet Protocol options for the packet; and determining whether the packet is a 
fragment[0055-0056]. 
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20. As per claims 20, 42, Goldberg discloses determining whether 

the network address translation, is supported by a network processing unit[0101, col. 8 table 3]. 

21. As per claim 2 1 , Goldberg discloses a method for inbound network address translation 
packet filtering[0101 table 3], comprising: obtaining a packet; 

determining whether type of the packet is one of a Transmission Control 
Protocol[0009, 0062], if the type is the Transmission Control Protocol type, determining if the 
packet is an initial packet for a connection[0066]; determining whether the packet information is 
in a first table[0048]; responsive to the packet information being in the first table, obtaining 
a first index from, the first table, the first index for a second table[0048, 0062-0063]; storing the 
first index in a data structure associated with the packet; obtaining a second index from the 
second table responsive to the first index; storing the second index in the data structure; 
obtaining a third index from one of the first table and the second table, the third index to a third 
table; and storing the third index in the data structure[col. 7-8, tables 2-3]. 

22. As per claims 22, 27, 32, 44, 48, 52, wherein the data structure is for a plurality of 
canonical frame headers [0061]. 

23. As per claims 23, 28, 33, 45, 49, 53, Goldberg discloses wherein the first table is a 
network address franslation table[col. 8, table 3]. 

24. As per claims 24, 29, 34, 50, Goldberg discloses wherein the second table is a 

connection table[0048]. 

25. As per claims 25, 30, 35, Goldberg discloses wherein the third table is an address 
resolution table[col. 8, table 3]. 
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26. As per claim 26, limitations have already been addressed see claim 1 . 

27. As per claims 3 1 , 43, 47, 5 1 , Goldberg discloses a method for outbound packet 
filtering[0045, 0054], comprising obtaining a packet[0009]; determining whether an incoming 
interface for the packet is running network address translation; if the incoming interface is 
running the network address translation[0055], obtaining a first index from a data structure 
associated with the packet; and obtaining packet information in a first table using the first index; 
determining whether type of the packet is one of a Transmission Control Protocol[0066], if the 
type is the Transmission Control Protocol type, determining if the packet is an initial packet for a 
connection; if the t3^e is the Transmission Control Protocol type and the packet is for an existing 
connection obtaining the packet information from the packet[0062-0063, 0066]; determining 
whether the packet information is in a second table; responsive to the packet information being 
in the second table, obtaining a second index from the second table; storing the second index in 
the data structure [col. 7-8, tables 2-3]; checking whether the packet is the Transmission Control 
Protocol type; and responsive to the packet being the Transmission Control Protocol type, 
checking for a Transmission Control Protocol state error of the packet if the Internet Protocol 
Security type[0066, 0071], obtaining packet information from the packet; determining whether 
the packet information is in the second table; responsive to the packet information being in the 
second table, obtaining the Second index from the second table; and storing the second index in 
the data structure[0055-0056]; if the type is the Internet Control Message Protocol type, 
determining, whether the Internet Control Message-Protocol type is on a list of Internet Control 
Message Protocol types[0067]; if the type is not the Internet Control Message Protocol type, 
determining if the outgoing interface is running the network address translation; responsive to 
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the outgoing interface running the network address translation, obtaining the second index from 
the data structure; and obtaining the packet information from the first table using the second 
index[0067-0069]. 

28. As per claim 54, Goldberg discloses wherein the first index is to a connection 
table[0048], and wherein the second index is to the network address franslation table[col. 8, table 
3]. 

29. As per claims 55-56, Goldberg discloses an apparatus for network protocol filtering of a 
packet[0008], comprising: means for determining packet type for the packet[0062]; means for 
obtaining packet information for the packet[0009]; means for determining whether the packet 
information is in a table[0048, 0062-0063, 0066]; means for obtaining an index from the, table 
responsive to the packet information being in the table[0048, 0062-0063, 0066]; and means for 
storing the index in a header of the packet[0055, col. 7-8 tables 2-3]. 

30. As per claim 57, method-for network address franslating, comprising: obtaining a packet 
for network address translation, the packet having a media access control header[0055-0056, col. 
7-8 tables 2-3]; determining if a network processing unit is in a pass-through mode responsive 
for the packet; and responsive to the network processing unit not being in the pass-through mode, 
obtaining a media access confrol source address from the media access control header is stored in 
an address resolution table[0056, tables 2-3]; determining whether an incoming interface is 
running network address translation; and network address translation filtering the packet 
responsive to the incoming interface running the network address translation, the network 
address franslation filtering including, obtaining an address resolution table index from the 
packet[0009, 0062, col. 7-8 tables 2-3]. 
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31. As per claim 58, Goldberg discloses wherein the pass-through mode is a firewall only 
mode[0052]. 

32. As per claim 59, Goldberg discloses further comprising: determining whether the packet 
is for a multicast or broadcast firame; determining whether the incoming interface equals an 
outgoing interface; and reading control bits for the packet responsive to the media access control 
source address obtained[006 1-0062, 0065-0066]. 

33. As per claim 60, Goldberg discloses determining protocol type of the packet; and 
determining whether the protocol type is supported on the outgoing 
interface[0009, 0055]. 

34. As per claim 61, Goldberg discloses further comprising determining whether 
broadcasting or multicasting is invoked for the outgoing interface[006 1-0062, 0065-0066]. 

35. As per claims 62-63, Goldberg discloses an apparatus for network address translating, 
comprising: means for obtaining a packet for network address translation, the packet having a 
media access control header; means for determining if a network processing unit is not in a pass- 
through mode responsive for the Packet[0055-0056, col. 7-8 tables 2-3]; means for obtaining a 
media access control source address from the media access control header is stored in an address 
resolution table; means for reading control bits for the packet responsive to the media access 
control source address obtained; means for determining whether an incoming interface is running 
network address translation; and means for network address translation filtering the packet 
responsive to the incoming interface running the address translation, the means for network 
address translation filtering including means for obtaining an address resolution table index from 
the packet[0009, 0056, 0062]. 
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36. As per claim 64, Goldberg discloses determining if network address translation is running 
on an inbound interface responsive to network address translation running on the inbound 
interface, obtaining a connection table index[0048] and a network address table index[col. 7-8 
tables 2-3]; and translating local address packet information to public address packet information 
for a packet[0054-0055, 0066]. 

37. As per claim 65, Goldberg discloses wherein the translating comprises obtaining the local 
address packet information and the public address packet information from a connection table 
and a network address franslation table, respectively, respectively responsive to the connection 
table index and the network address table index[0048, 0054-0055, 0066]. 

38. As per claim 66, Goldberg discloses determining if the packet is a Transmission Control 
Protocol ("TCP") packet; responsive to the packet being a TCP packet, checking validity of 
Intemet Protocol options; and checking TCP state for an error[0062, 0066]. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JENISE E. JACKSON whose telephone number is (571)272- 
3791. The examiner can normally be reached on Increased Flex time, but generally in the office 
M-Fri(8-4:30).. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Elecfronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



August 17, 2008 
/J. E. J./ 

Examiner, Art Unit 2139 
/Kristine Kincaid/ 

Supervisory Patent Examiner, Art Unit 2139 



